The Personal Data Protection Bill was finally introduced in the Parliament earlier this week. Unlike most other bills introduced by the BJP, this one was not rushed through the Parliament; instead, it has been sent to a committee made up of multiple parties' members.

A bill about data usage and storage was needed due to privacy concerns with scandals like Cambridge Analytica, Pegasus, etc. However, there are a few concerning aspects of the draft in its current form. Namely, the amount of data the government can access without individual consent. Here are the key points in the Data Protection Bill that you should be aware of, in regards to your privacy and information.

Data Protection Bill And Private Firms

Private companies such as Google, Facebook, and more have access to a huge amount of information regarding users and their online activity. Chances are, you've never even read the complex, lengthy Privacy Policy before accepting it. This means that you basically could have handed off any kind of rights to your personal information without a second thought.

This was the main problem that the Personal Data Protection Bill was meant to tackle. Modelled largely after the EU’s General Data Protection Regulation, your personal information can’t be collected, processed or shared without your consent. Only data that is necessary for these firms can be collected, for the period of time that it is needed.

Furthermore, privacy agreements need to be changed to be easily understandable and accessible. This is great, as people may finally know where their data can and can't legally be used. Anyone can ask for their data to be deleted, moved, or withdraw their consent entirely.

Most personal data can be transferred internationally. "Sensitive" personal data must be stored in India and can be processed internationally if that is approved by a "regulator." "Critical" personal data can only be stored and processed within the country

How Much Data Can The Government See?

Starting with data firms possess, the government can ask for an "anonymised, non-personal" version at any time for 'policy-making' or other public services. This insight can help things like traffic-planning through cab-service data, etc. However, even anonymised data can say a lot about regions, communities, etc. Such trends can be used for propaganda, targetting, and several other purposes if within reach of the wrong hands. There are no particular details or laws about how this data can be processed, rendering any action the "regulator" approves pretty much legal.

The exceptions regarding government access to personal data are the biggest concern. Citing reasons like national security, friendly relations, and public order, any government agency can be exempted from the laws surrounding the usage of personal data. No consent is required from the individual for access, of course, hence they may be unknowingly be monitored.

Justice B. N. Srikrishna, who led the committee responsible for drafting the 2018 version of the Personal Data Protection Bill, disapproves of the current form it was introduced to the parliament in. It "will turn India into an Orwellian State," he says to the Economic Times, referring to the writer George Orwell's book 1984 about a complete authoritarian state where people's lives are fully monitored and everyone is brainwashed.

“They have removed the safeguards. That is most dangerous. The government can at any time access private data or government agency data on grounds of sovereignty or public order."

"Governments have the ability to coerce individuals into certain behaviours by force," says Livemint, highlighting the concerns about this bill.

In contrast, developed countries such those in EU have a strict legal framework limiting such government access and ensuring democratic freedom. Democracy, one of the pillar stones of the constitution.

Who Are These Regulators?

The regulators will be the Data Protection of Authority of India, set up by the government to prevent misuse and ensure compliance. However, without an external or independent authority for such monitoring, it is unlikely that the government, the very appointers of the regulators, shall be opposed. DPA's orders can only be challenged by an appellate tribunal (a special court to hear particular appeals) that shall then go to the Supreme Court.

Strict enforcement remains unlikely given India's tumultuous, large, and complicated political structure. A law without enforcement has very little meaning, of course.

The bill will only be considered by the Parliamentary houses next session, as the Winter Session ends today. One can only hope that the flaws and dangers to privacy present in its current form are addressed by the committee and enacted by parliamentarians, to ensure the right to a free, democratic life for all citizens.